Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AOS 8.X Restrict access to specific Node

This thread has been viewed 46 times

  • 1.  AOS 8.X Restrict access to specific Node

    Posted Feb 28, 2019 08:51 AM

    Hello All,

    I'm currently running 8.4, and am interested in restricting management access to a specific node. I know I can do that if I create a local user on the MM. I'm curious if it is possible to do this while utilizing TACACS? (CPPM)

    Any insight is appreciated



  • 2.  RE: AOS 8.X Restrict access to specific Node
    Best Answer

    Posted Feb 28, 2019 08:55 AM
    You can use RADIUS and return the Aruba-Admin-Path



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: AOS 8.X Restrict access to specific Node

    Posted Feb 28, 2019 08:56 AM

    Great, That'll work. Thanks Victor



  • 4.  RE: AOS 8.X Restrict access to specific Node

    EMPLOYEE
    Posted Aug 29, 2019 02:13 PM

    what would be the syntax for the value of this VSA?  I have tried node_name, /md/node_name, and node /md/node_name.



  • 5.  RE: AOS 8.X Restrict access to specific Node

    EMPLOYEE
    Posted Jan 19, 2020 09:32 AM

    It should be /md/node_name.

     

    Turn on debugging on that node to see what radius attributes are returned:

     

    config t

    logging security process aaa level debugging

     

    Authenticate, then type "show log security 50":

     

     



  • 6.  RE: AOS 8.X Restrict access to specific Node

    Posted Jan 22, 2020 07:54 AM

    Is it possible to allow access to multiple groups instead of a single node?

     

    /md/Company/EMEA/UK/London

    /md/Company/AMER/US/NewYork

    /md/Company/AMER/US/SanFrancisco

    exist.

     

    I want to restrict RW access to the first two groups only.

    Tried to add the first two comma (or semicolon) separated. No luck.

    Also no luck with adding two aruba-admin-path statements in CPPM.

     

    Is it possible to provide access to multiple groups (or nodes in such groups)?

    What works is to specify a single group.

     

    This is on AOS 8.6.0.2

     

    Thanks,

    Christian



  • 7.  RE: AOS 8.X Restrict access to specific Node

    EMPLOYEE
    Posted Jan 22, 2020 08:12 AM

    Only a single group is supported for now.

     

    Please make a request for multiple groups here: https://innovate.arubanetworks.com

     

     

     

     



  • 8.  RE: AOS 8.X Restrict access to specific Node

    Posted Nov 11, 2020 11:07 AM
    hi,

    Do you know if Aruba-Admin-Path attribute is working with read-only role?
    I have 3 groups, and i want my user have access to only one group in Read Only. The others groups should be hidden. 

    /md/1 (Access in RO)
    /md/2 (Hidden/No access)
    /md/3 (Hidden/No access)

    it seems there is no way to hide a part of the node-hierarchy, even if there is no child/parent relationship

    Thank you

    ------------------------------
    Sebastien Blondeau-Danne
    ------------------------------

    Original Message


  • 9.  RE: AOS 8.X Restrict access to specific Node

    EMPLOYEE
    Posted Nov 11, 2020 01:20 PM
    Nodes cannot be hidden, but you can configure Read Only to specific nodes yes.


    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 10.  RE: AOS 8.X Restrict access to specific Node

    Posted Feb 21, 2022 03:50 PM
    Hi Victor - Sorry to revive an old thread.

    Can the 'Aruba-Admin-Path' attribute be used with TACACS?

    I have a customer that uses TACACS only and would like to implement this.

    ------------------------------
    Regards,

    Brett V
    ------------------------------

    Original Message